David Evans http://www.cs.virginia.edu/~evans

Presentation Transcript

  1. Lecture 24: CS551 Jeopardy Who wants to be a quadrillionaire? David Evans http://www.cs.virginia.edu/~evans CS551: Security and Privacy University of Virginia Computer Science

  2. Menu • PS4 Comments • Where to go from here • Short term, medium term, long term • Andy & Carl’s Independent Study Project • Jeopardy University of Virginia CS 551

  3. Course Name Suggestions • Gregory Lamm & Dev Batta: “Opening security and cryptographic concepts within Pandora’s Digital Box” • Dave Rubens & John Loizeaux: “Security, Privacy, and the Zen of Information Hiding” • Chris Hayden and James Tsai: “Security and Privacy on the Internet: Putting Eve and Melissa out of business”

  4. Course Name Suggestions • Virginia Volk & Carl Morris: “Internet Security – Get them before they get you.”, “Internet Security – Why I no longer have a job because I once stated I hated the NSA.” • Ryan Persaud & Sachin Kamath: “Cryptography, Privacy, and the Internet. (or: How to become paranoid and learn to “trust no one” in one semester)”

  5. Course Name Explanation: “Security and Privacy on the Internet” • Best security conference is called “IEEE Symposium on Security and Privacy” • Using broader definition of “Privacy” (includes encryption, etc.) than Saltzer does. • (Marketing purposes only)

  6. Content Suggestions • 1/3: More focus on practical system security issues • 1/3: Go into more depth on fewer topics, just cover cryptography stuff in more detail • Others: • Have 2 separate courses: 1 on cryptology and protocols, 1 on system security • Have some implementation assignments (e.g., encryption algorithms)

  7. Where to go from here? Short Term • 5:00 Today, Olsson 009 • Graduate Information Dinner • Jessica Hodgins (CMU) and Lisa Zheng (Lucent), Carla Ellis (Duke) • Tomorrow, 5-8 PM, O’Neill’s • Happ-E Hour! • Friday, Dec 15 (noon) – CS Department Holiday party and Awards Show

  8. Where to go from here? Short Term • Take-home final – due Dec 11 at 5:00pm • Fill out course evaluations • Official SEAS evaluation by Dec 10 • Unofficial course-specific evaluation – before you leave for winter break • Go to Lorrie Cranor’s talk – Jan 24

  9. Final • Handed out at end of class today • Final rules: • Don’t talk to anyone about the final until after Monday Dec 11, 5:00 pm • You may use any non-human resources you want (but cite what you use) • No time limit (but you should be able to produce a full-credit answer in about 5 hours)

  10. SEAS Course Evaluations Myths • They are secure. • They are anonymous. • The administration doesn’t take teaching seriously. • The administration doesn’t care what students think. • They are used to improve courses. Annotations on the slide: • Dispelled by Team 7’s project. • Not true – read the SEAS Tenure guidelines (teaching is 1/3rd) • Not true – but comments must be well-supported (e.g., “Prof sucks and smells bad.” is ignored.) • Not true – need very specific questions to do this (hence the unofficial course-specific survey and PS4 #3.)

  11. Course Evaluations • Fill out the SEAS Evaluation by Dec. 10 (hopefully they will fix the site by then!) • It’s not secure, but I promise not to break in... • Write comments based on whether you want me to get fired or promoted • Fill out my course-specific survey • Help improve future versions of the course for later students

  12. Where to go from here? Long Term (4th Years) • Get a cool security job • Companies in Virginia/DC: Cigital, Portris CyberCash, NSA, Network Associates • Companies further away: Counterpane, RSA, @Stake, CheckPoint, VeriSign, Cryptography

  13. Where to go from here? Long Term (3rd Years) • Do research project • I will supervise (and possibly fund over summer) projects on: • Static Checking • Code Safety • Programming the Swarm • Your ideas if you can convince me they are interesting...

  14. Thanks!

  15. Andy & Carl’s Excellent Adventure

  16. Jeopardy

  17. Jeopardy Rules • $1Q, $2Q, $4Q – raise hand to answer, first team spotted will be asked to answer, whoever is picked must answer right away • Lose value for wrong answer. • All teams answer $10Q questions, answer value at complete discretion of Dave • Projects category: group who did the project cannot answer, until everyone else gives up • After all questions, there will be Final Jeopardy • Team with the highest total gets prizes (don’t get cash)

  18. Prizes: Top Team • Simon Singh, “The Code Book” • Stories about cryptography • Douglas Hofstadter, “Gödel, Escher, Bach: An Eternal Golden Braid” • Logic, Computability, Recursion, Paradoxes, etc. in art, music and CS • Stephen Ambrose, “Undaunted Courage” • How to manage research projects • “Surely You’re Joking, Mr. Feynman”

  19. Prizes: Winner and Runner-Up • T-Shirts donated by RSA Prizes: Consolation • “Beer for Dummies” • “The Complete Idiot’s Guide to Making Millions on the Internet”

  20. Security Jeopardy 1 1 1 1 1 2 2 2 2 2 4 4 4 4 4 10 10 10 10 Final Jeopardy (All values in $Quadrillions)

  21. Ciphers 1 Yjq kpxgpvgf vjku ekrjgt?

  22. Ciphers 1 Who invented this cipher? Julius Caesar

  23. Buffer

  24. Ciphers 2 Kv xmmv a qjuhhgy glpiju?

  25. Ciphers 2 Is this a perfect cipher? • No (because of spaces) • Yes (encrypted with random one-time pad)

  26. Buffer

  27. Ciphers 4 What is RSA’s recommendation for the minimum size for a secure RSA key?

  28. Ciphers 4 What is RSA’s recommendation for the minimum size (in bits) for a secure RSA key? • 128 • 256 • 512 • 768 • 1000 • 1024 • 2048

  29. Ciphers 4 DAILY DOUBLE

  30. Ciphers 4 Given your previous answer, why did Netscape’s SSL v3 specification use 512-bit RSA keys?

  31. Ciphers 4 Given your previous answer, why did Netscape’s SSL v3 specification use 512-bit RSA keys? Answer: US Law (until January 2000) prohibited export of RSA implementations with more than 512-bit keys.

  32. Buffer

  33. Ciphers 10 Explain the following names: (Sometimes a creative “incorrect” answer is better than a dull, correct one.) • CFB • DES • RSA • RC6 • SHA • SSL

  34. Ciphers 10 • CFB: Cipher Feedback Mode • DES: Data Encryption Standard • RSA: Rivest, Shamir, Adleman • RC6: Rivest Cipher (aka Ron’s Code) 6 • SHA: Secure Hash Algorithm • SSL: Secure Sockets Layer

  35. Buffer

  36. History 1 When was this written: Available within the network will be functions and services to which you subscribe on a regular basis and others that you call for when you need them. In the former group will be investment guidance, tax counseling, selective dissemination of information in your field of specialization, announcement of cultural, sport, and entertainment events that fit your interests, etc. In the latter group will be dictionaries, encyclopedias, indexes, catalogues, editing programs, teaching programs, testing programs, programming systems, data bases, and – most important – communication, display, and modeling programs. All these will be – at some late date in the history of networking - systematized and coherent; you will be able to get along in one basic language up to the point at which you choose a specialized language for its power or terseness.

  37. History 1 1968 J.C.R. Licklider and Robert Taylor, Computer as a Communications Device.

  38. Buffer

  39. History 2 Put these in chronological order by when they were invented: • DES • Diffie-Hellman Key Exchange • LUCIFER • RSA

  40. History 2 • LUCIFER (1971) • Diffie-Hellman Key Exchange (1976) • DES (1977 – based on LUCIFER) • RSA (1978)

  41. History 2 More correct answer: • LUCIFER (1971) • RSA (1973), as discovered by Clifford Cocks at GCHQ • Diffie-Hellman Key Exchange (1974), as discovered by Malcolm Williamson at GCHQ • DES (1977)

  42. Buffer

  43. History 4 Which British Naval Intelligence officer concocted a plan to steal Enigma keys by pretending to crash a German bomber near a German ship?

  44. History 4 Which British Naval Intelligence officer concocted a plan to steal Enigma keys by pretending to crash a German bomber near a German ship? Hint: After the war, he wrote some spy novels about plans almost as absurd.

  45. History 4 Fleming, Ian Fleming. (Creator of James Bond).

  46. Buffer

  47. History 10 Who of the following (on next slide) had an office on the 5th floor of NE43 while Dave was a grad student there? (tiebreak: where were others)

  48. History 10 Who of the following had an office on the 5th floor of NE43 while Dave was a grad student there? (tiebreak: where were others) • Fernando Corbató (leader of Multics project) • Stephanie Forrest (computer immunology) • Butler Lampson (leader of first PC, Xerox Alto) • J. C. R. Licklider (Internet visionary) • Barbara Liskov (first language with good type-safe data abstractions) • Robert Morris, Jr. (author of 1988 Internet Worm) • Ron Rivest (RSA) • Jerome Saltzer (Multics security; principles paper)

  49. History 10 Who of the following had an office on the 5th floor of NE43 while Dave was a grad student there? (tiebreak: where were others) ✓ Fernando Corbató (leader of Multics project) Stephanie Forrest (computer immunology) Butler Lampson (leader of first PC, Xerox Alto) J. C. R. Licklider (Internet visionary) Barbara Liskov (first language with good type-safe data abstractions) Robert Morris, Jr. (author of 1988 Internet Worm) Ron Rivest (RSA) Jerome Saltzer (Multics security; principles paper) ✓ On 6th floor, and in New Mexico. Died in 1990. On 3rd floor.

  50. Buffer